From fabc787fc376671a0827a5a11a8b224757442567 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Wed, 14 Aug 2013 08:02:23 +0000 Subject: [PATCH] * ProjectManager: fix SQL error if searching for string containing numbers and underscore or percent skip user-wildcards (*,?) in is_numeric test, but not SQL wildcards, which get escaped and give sql-error --- etemplate/inc/class.so_sql.inc.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/etemplate/inc/class.so_sql.inc.php b/etemplate/inc/class.so_sql.inc.php index a744089440..e3a83ac757 100644 --- a/etemplate/inc/class.so_sql.inc.php +++ b/etemplate/inc/class.so_sql.inc.php @@ -1295,7 +1295,8 @@ class so_sql $GLOBALS['egw']->db->quote($wildcard.str_replace(array('%','_','*','?'),array('\\%','\\_','%','_'),$token).$wildcard); // Compare numeric token as equality for numeric columns - if(is_numeric(str_replace(array('%','_','*','?'), '', $token))) + // skip user-wildcards (*,?) in is_numeric test, but not SQL wildcards, which get escaped and give sql-error + if (is_numeric(str_replace(array('*','?'), '', $token))) { $numeric_filter = array(); foreach($numeric_columns as $col) @@ -1305,7 +1306,7 @@ class so_sql // Token has a wildcard from user, use LIKE $numeric_filter[] = "($col IS NOT NULL AND CAST($col AS CHAR) " . $this->db->capabilities['case_insensitive_like'] . ' ' . - $GLOBALS['egw']->db->quote(str_replace(array('%','_','*','?'),array('\\%','\\_','%','_'),$token)) . ')'; + $GLOBALS['egw']->db->quote(str_replace(array('*','?'), array('%','_'), $token)) . ')'; } else {